Please check my RSIT log (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

legendaryboy
Level 1
Posts: 80
Registered: Feb 09
Gender: Male

Post by legendaryboy » 20 Jun 2009 20:27

According to http://www.viry.cz, RSIT.exe should be better than HJT. I sometimes have problems starting the system; I know I've cluttered it with all sorts of installations and that the only effective cure would be a reinstall, but I've already dealt with this here more or less successfully several times, and each time it got a little better, so maybe this time it will get better still.

To clarify: whenever I have a problem with the system starting up, before the desktop appears, where the boot simply stops and practically nothing can be controlled, I go through the following treatment: restart into safe mode, where I clean everything with CCleaner and ATF-Cleaner 3.0.1, and then usually within three hard resets I manage to get the system to boot and stay stable. If not, I have to clean it in safe mode with ComboFix.

During all of that, it has proven useful to disconnect the wifi cable from the internet. Now I realize that what I'm disconnecting is just the wifi antenna, so I'm not turning the wifi off for certain... the truth is that it usually loses the signal.

I do have Sunbelt Personal Firewall installed, and I think it is configured reasonably, but I don't understand why, and by what, the Windows firewall is being turned off. Could it be Sunbelt Personal Firewall? Can't those firewalls run at the same time? When I look at the exceptions configuration in the Windows firewall, I have the same entry "Akamai NetSession Interface" there about 30 times; when I delete them, they re-create themselves after a while, as if it were replicating itself and opening TCP ports on its own. I don't know whether that's normal, but it doesn't seem right to me.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2009-06-20 19:53:08
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 77 GB (13%) free of 610 GB
Total RAM: 2046 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53, on 2009-06-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Documents and Settings\Petr\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Petr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-21-1220945662-606747145-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1220945662-606747145-839522115-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
O4 - Startup: Total Commander.lnk = C:\Program Files\totalcmd\TOTALCMD.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://193.165.78.6/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5919371546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1786278468
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9aa39b7cae9da) (gupdate1c9aa39b7cae9da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature Service (HDD Temperature) - Windows (R) Server 2003 DDK provider - (no file)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 16128 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\20090323_202000_Petr.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2009-05-19 171208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-04 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2007-10-17 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2004-07-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-01 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2007-10-17 491520]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2009-05-19 670840]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-04 1194496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-09-10 1188152]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-10-09 333120]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-07-16 61440]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-06-18 77824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-07-23 16804864]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\qttask.exe [2008-11-04 413696]
"Startup Cleaner"=C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe [2006-10-08 122880]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2008-12-16 4375032]
"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2008-12-16 962128]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-12-16 165144]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-02-15 270128]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2007-10-17 26624]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-03-01 172792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Program Files\HDD Health\hddhealth.exe [2008-06-15 1692672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-05-16 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-01 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
C:\PROGRA~1\Metacafe\METACA~1.EXE [2009-02-17 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]
C:\PROGRA~1\RALINK\Common\RaUI.exe [2006-05-16 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]
C:\PROGRA~1\Metacafe\METACA~1.EXE [2009-02-17 145736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2
"PnkBstrA"=2

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Documents and Settings\Petr\Nabídka Start\Programy\Po spuštění
PdaNet Desktop.lnk - C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
Total Commander.lnk - C:\Program Files\totalcmd\TOTALCMD.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-01-30 200064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"F:\Games\[ PC Games ] - Age of Empires II(FULL)\empires2.exe"="F:\Games\[ PC Games ] - Age of Empires II(FULL)\empires2.exe:*:Enabled:Age of Empires II"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\MirandaPortable\App\miranda\miranda32.exe"="C:\Program Files\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-06-20 19:53:08 ----D---- C:\rsit
2009-06-20 12:01:01 ----D---- C:\Program Files\ICQ6.5
2009-06-20 09:14:17 ----D---- C:\WINDOWS\LastGood
2009-06-20 09:11:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-09 21:37:50 ----D---- C:\Program Files\Adobe Media Player
2009-06-01 20:00:09 ----D---- C:\Program Files\FotoLapse
2009-06-01 19:16:55 ----A---- C:\WINDOWS\system32\mioengine.exe
2009-06-01 19:16:52 ----D---- C:\Documents and Settings\Petr\Data aplikací\mioObjects
2009-05-25 20:01:24 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-05-25 20:01:24 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-05-25 20:01:24 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-05-25 20:01:24 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-05-25 20:01:23 ----A---- C:\WINDOWS\avisplitter.ini
2009-05-25 20:01:22 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-05-25 20:01:22 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-05-25 20:01:22 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-05-25 20:01:22 ----A---- C:\WINDOWS\system32\x264vfw.dll
2009-05-25 20:01:21 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-05-25 20:01:21 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-05-25 20:01:21 ----A---- C:\WINDOWS\system32\divx.dll
2009-05-25 20:01:20 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-05-25 20:01:20 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-05-25 20:01:20 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-05-25 20:01:18 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-25 20:01:18 ----D---- C:\Documents and Settings\Petr\Data aplikací\Real
2009-05-25 20:01:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2009-05-24 20:54:35 ----A---- C:\WINDOWS\CONTEXT.INI

======List of files/folders modified in the last 1 months======

2009-06-20 19:53:16 ----D---- C:\WINDOWS\Prefetch
2009-06-20 19:45:15 ----D---- C:\Documents and Settings\Petr\Data aplikací\uTorrent
2009-06-20 19:11:59 ----D---- C:\Program Files\Common Files\Akamai
2009-06-20 18:54:42 ----D---- C:\Movies
2009-06-20 18:38:26 ----A---- C:\WINDOWS\WINCMD.INI
2009-06-20 18:35:24 ----D---- C:\Program Files\MediaCoder iPhone Edition
2009-06-20 18:27:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2009-06-20 17:23:27 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
2009-06-20 17:15:22 ----D---- C:\WINDOWS\temp
2009-06-20 12:02:45 ----D---- C:\Program Files\ICQ6
2009-06-20 12:01:01 ----RD---- C:\Program Files
2009-06-20 09:15:02 ----HD---- C:\WINDOWS\inf
2009-06-20 09:15:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-20 09:14:17 ----D---- C:\WINDOWS
2009-06-20 09:13:09 ----D---- C:\Documents and Settings\Petr\Data aplikací\Orbit
2009-06-20 09:11:49 ----D---- C:\WINDOWS\system32\drivers
2009-06-20 09:01:46 ----D---- C:\WINDOWS\system32
2009-06-20 08:44:09 ----D---- C:\Music
2009-06-19 20:43:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-06-19 19:56:37 ----D---- C:\Pro vypálení DVD
2009-06-19 19:55:41 ----D---- C:\Convert mediacoder
2009-06-19 19:39:13 ----D---- C:\Downloads
2009-06-19 18:50:10 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-19 16:27:39 ----A---- C:\WINDOWS\WDICT32.INI
2009-06-17 20:53:40 ----A---- C:\WINDOWS\winamp.ini
2009-06-16 20:44:28 ----D---- C:\WINDOWS\A5W_DATA
2009-06-16 20:44:28 ----A---- C:\WINDOWS\A5W.INI
2009-06-15 21:55:38 ----D---- C:\Documents and Settings\Petr\Data aplikací\Skype
2009-06-15 16:59:46 ----D---- C:\Documents and Settings\Petr\Data aplikací\skypePM
2009-06-10 15:50:51 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-09 21:37:50 ----SHD---- C:\WINDOWS\Installer
2009-06-09 21:37:50 ----SHD---- C:\Config.Msi
2009-06-07 21:41:55 ----D---- C:\Program Files\Orbitdownloader
2009-06-03 06:28:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-01 18:09:52 ----D---- C:\Program Files\Google
2009-05-31 18:49:33 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-31 18:49:24 ----D---- C:\Program Files\MozyHome
2009-05-31 17:04:20 ----SD---- C:\WINDOWS\Tasks
2009-05-22 18:41:40 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2009-05-22 18:41:27 ----D---- C:\Program Files\SpywareBlaster

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2008-04-17 9341]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 mozyFilter;mozyFilter; C:\WINDOWS\system32\DRIVERS\mozy.sys [2009-05-15 53240]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-02-25 21275]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-06-17 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-06-17 25416]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1999-07-20 73216]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-04-07 44704]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-01 3266560]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2008-05-15 171520]
R3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-24 4749824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-06-16 10368]
R3 pnetmdm;PdaNet Modem; C:\WINDOWS\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tenCapture;tenCapture; C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S1 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\drivers\amdtools.sys []
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys []
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 EIO;EIO; C:\WINDOWS\system32\drivers\EIO.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; C:\WINDOWS\system32\drivers\Ad-Watch Connect Filter.sys []
S3 aecrb3jo;aecrb3jo; C:\WINDOWS\system32\drivers\aecrb3jo.sys []
S3 AMDPCI;AMDPCI; C:\WINDOWS\system32\drivers\AMDPCI.sys []
S3 Bridge;Most MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 Cap7134;Philips SAA7134 WDM Capture; C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-11-05 334816]
S3 catchme;catchme; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; C:\WINDOWS\system32\drivers\GMSIPCI.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-11-13 25280]
S3 ltaotqui;ltaotqui; \??\C:\DOCUME~1\Petr\LOCALS~1\Temp\ltaotqui.sys []
S3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSICPL;MSICPL; C:\WINDOWS\system32\drivers\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NRKCTL32;NRKCTL32; C:\WINDOWS\system32\drivers\NRKCTL32.sys []
S3 NTACCESS;NTACCESS; C:\WINDOWS\system32\drivers\NTACCESS.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-10-22 47360]
S3 PhTVTune;TCL2002 TV Tuner; C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-11-05 19904]
S3 Profos;Profos; C:\WINDOWS\system32\drivers\Profos.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 RT73;AirLive Turbo-G USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; C:\WINDOWS\system32\drivers\SetupNTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 Trufos;Trufos; C:\WINDOWS\system32\drivers\Trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\system32\drivers\Video3D.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-12-16 554264]
R2 Akamai;Akamai; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-01 573440]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-07-20 354840]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-09-24 596840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 mozybackup;MozyHome Backup Service; C:\Program Files\MozyHome\mozybackup.exe [2009-05-15 78136]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-01 107832]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-03-01 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-31 593920]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-01-16 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-25 19456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraDataSrv;SiSoftware Database Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe [2007-08-15 184504]
S3 SandraTheSrv;SiSoftware Sandra Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe [2007-08-15 1261760]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-03-01 360192]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 COM Service;COM Service; C:\Program Files\GIGABYTE\C.O.M\GCSVR.EXE []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my RSIT log

Post by jaro3 » 20 Jun 2009 22:02

Create a new folder on your disk and give it a name (e.g. C:\Bfu)

- Download Brute Force Uninstaller
- Extract the downloaded file into the folder you just created
- Right-click here and choose Save link as, then save it into the same folder you created
* Restart the computer into Safe Mode
* Go to the folder where you downloaded the program
* Run Brute Force Uninstaller (BFU.exe)
* Once the program window appears, click the folder icon on the right (the yellow one, Open script file...)
* Select the file EGDACCESS.bfu there and click Open
* You will be back at the main screen; click the Execute button at the bottom and let the program work
* Wait until the Complete script execution window pops up and press OK
* Then press the Exit button to close the program.
Then restart back into normal mode.
****************************************************************************************************************************************
Disable the resident protection in Avast and deactivate Kerio.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are shown; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please paste its entire contents here
I'll have a look tomorrow..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

legendaryboy
Level 1
Posts: 80
Registered: February 09
Gender: Male

Re: Please check my RSIT log

Post by legendaryboy » 22 Jun 2009 21:35

So I tried to follow the instructions, everything OK. I restarted into normal mode, closed all running windows, deactivated the Avast and Kerio shields, and to be safe I also closed every application in the system tray except Avast, Kerio and MozyHome, which has no Exit. I ran ComboFix; it was running normally, but at step 7 the Kerio trial's Expiration check popped up on its own, which horrified me. Of course it froze; Combo did not even finish step 7. I waited 20 minutes to be sure. It did not move at all. Reset into Safe Mode. ComboFix. It ran normally and produced a log. Well, I don't know what "normally" is; during the scan it usually throws up a window maybe 2x (at the start and at the end of the scan) saying something like "the system is running in Safe Mode, do you want to continue? YES-NO". This time I preferred not to click YES, and it still finished and produced a log. During the scan I noticed it reported deleting the file system32/mfc45.dll.
So the first log is from Safe Mode.
The second log is from normal mode; this time it occurred to me to shut Kerio down completely so it would not throw the Expiration check window. It finished in about 16 min. Then I wanted to bring Kerio back up, so I logged out of and back into Windows, but Kerio did not start, and by mistake I ran Firefox for a moment without Kerio. Well, hopefully nothing happened...

ComboFix 09-06-21.01 - Petr 2009-06-22 20:23.22 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1684 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090621-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mfc45.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-05-22 do 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\windows\LastGood
2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\windows\system32\bfubackups
2009-06-22 17:43 . 2009-06-22 17:45 -------- d-----w- C:\bbfu
2009-06-20 17:53 . 2009-06-20 17:53 -------- d-----w- C:\rsit
2009-06-20 10:01 . 2009-06-20 11:46 -------- d-----w- c:\program files\ICQ6.5
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- c:\program files\Adobe Media Player
2009-06-01 18:00 . 2009-06-07 19:06 -------- d-----w- c:\program files\FotoLapse
2009-06-01 17:16 . 2009-06-01 17:16 407047 ----a-w- c:\windows\system32\mioengine.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 18:06 . 2001-10-25 14:00 530496 ----a-w- c:\windows\system32\perfh005.dat
2009-06-22 18:06 . 2001-10-25 14:00 119168 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 17:33 . 2008-07-21 19:01 -------- d-----w- c:\program files\Common Files\Akamai
2009-06-22 17:32 . 2008-05-15 20:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-06-20 16:35 . 2008-06-16 17:43 -------- d-----w- c:\program files\MediaCoder iPhone Edition
2009-06-20 10:02 . 2007-10-25 09:30 -------- d-----w- c:\program files\ICQ6
2009-06-07 19:41 . 2008-12-07 19:05 -------- d-----w- c:\program files\Orbitdownloader
2009-06-01 16:09 . 2008-01-05 11:17 -------- d-----w- c:\program files\Google
2009-05-31 16:49 . 2008-06-05 16:28 -------- d-----w- c:\program files\MozyHome
2009-05-25 18:02 . 2009-05-25 18:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-22 16:41 . 2009-03-02 15:11 -------- d-----w- c:\program files\SpywareBlaster
2009-05-19 19:26 . 2009-05-19 19:25 -------- d-----w- c:\program files\Dobrý farmář
2009-05-17 11:44 . 2009-05-17 11:44 -------- d-----w- c:\program files\Bagger-Simulator 2008
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\program files\Cogs
2009-05-16 12:44 . 2009-05-16 12:43 -------- d-----w- c:\program files\iPhoneRingToneMaker
2009-05-15 18:57 . 2009-03-02 15:10 -------- d-----w- c:\program files\Lavasoft
2009-05-15 11:04 . 2008-06-05 16:28 53240 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-05-12 16:24 . 2009-02-05 16:35 83616 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-05-12 11:17 . 2009-03-03 15:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-12 09:45 . 2007-10-25 21:01 -------- d-----w- c:\program files\MediaCoder
2009-05-11 10:43 . 2009-01-18 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 17:50 . 2009-04-28 15:22 -------- d-----w- c:\program files\Microsoft Research
2009-05-06 17:03 . 2009-05-06 17:03 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-05 22:31 . 2009-05-25 18:01 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-29 09:27 . 2007-10-25 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-28 15:17 . 2007-10-03 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 15:08 . 2007-10-14 20:53 -------- d-----w- c:\program files\MSBuild
2009-04-28 15:08 . 2007-10-14 20:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-07 17:02 . 2009-04-07 17:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-04-07 17:02 . 2008-06-15 18:58 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-07 17:02 . 2008-06-15 18:58 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-07 17:02 . 2009-04-07 17:02 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-04-06 15:53 . 2009-04-06 15:53 737280 ----a-w- c:\windows\iun6002.exe
2009-04-06 13:32 . 2009-01-18 20:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 20:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 13:21 . 2009-05-25 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2008-01-08 18:47 . 2008-01-08 18:47 61 --sh--w- c:\windows\cnerolf.bin
2009-02-18 16:59 . 2009-02-18 16:47 907296 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-2-4 163840]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-3-7 1080264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2689:TCP"= 2689:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2020:TCP"= 2020:TCP:Akamai NetSession Interface
"1282:TCP"= 1282:TCP:Akamai NetSession Interface
"3044:TCP"= 3044:TCP:Akamai NetSession Interface
"4370:TCP"= 4370:TCP:Akamai NetSession Interface
"1992:TCP"= 1992:TCP:Akamai NetSession Interface
"3773:TCP"= 3773:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1279:TCP"= 1279:TCP:Akamai NetSession Interface
"2027:TCP"= 2027:TCP:Akamai NetSession Interface
"4771:TCP"= 4771:TCP:Akamai NetSession Interface
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"2666:TCP"= 2666:TCP:Akamai NetSession Interface
"2851:TCP"= 2851:TCP:Akamai NetSession Interface
"4510:TCP"= 4510:TCP:Akamai NetSession Interface
"4689:TCP"= 4689:TCP:Akamai NetSession Interface
"4875:TCP"= 4875:TCP:Akamai NetSession Interface
"2309:TCP"= 2309:TCP:Akamai NetSession Interface
"3579:TCP"= 3579:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"1879:TCP"= 1879:TCP:Akamai NetSession Interface
"2574:TCP"= 2574:TCP:Akamai NetSession Interface
"2410:TCP"= 2410:TCP:Akamai NetSession Interface
"3116:TCP"= 3116:TCP:Akamai NetSession Interface
"4933:TCP"= 4933:TCP:Akamai NetSession Interface
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"2490:TCP"= 2490:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"1969:TCP"= 1969:TCP:Akamai NetSession Interface
"4369:TCP"= 4369:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"1715:TCP"= 1715:TCP:Akamai NetSession Interface
"2228:TCP"= 2228:TCP:Akamai NetSession Interface
"2733:TCP"= 2733:TCP:Akamai NetSession Interface
"4303:TCP"= 4303:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1763:TCP"= 1763:TCP:Akamai NetSession Interface
"4185:TCP"= 4185:TCP:Akamai NetSession Interface
"3064:TCP"= 3064:TCP:Akamai NetSession Interface
"1147:TCP"= 1147:TCP:Akamai NetSession Interface
"3551:TCP"= 3551:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1351:TCP"= 1351:TCP:Akamai NetSession Interface
"2892:TCP"= 2892:TCP:Akamai NetSession Interface
"2655:TCP"= 2655:TCP:Akamai NetSession Interface
"3710:TCP"= 3710:TCP:Akamai NetSession Interface
"1179:TCP"= 1179:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"2405:TCP"= 2405:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-04-07 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-04-07 971552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-27 270888]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-02 28544]
S1 amdtools;AMD Special Tools Driver; [x]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
S1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53240]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 NRKCTL32;NRKCTL32; [x]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-27 65576]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]
S4 COM Service;COM Service;"c:\program files\GIGABYTE\C.O.M\GCSVR.EXE" --> c:\program files\GIGABYTE\C.O.M\GCSVR.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-21 c:\windows\Tasks\20090323_202000_Petr.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 20:28
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet132\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{474415E1-AF1A-A200-48AF-54150B2D4BA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panifpacfhnpkeclcmgimcbofgaejjee"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6d,6e,6e,61,61,66,70,63,6c,69,00,47
"padhieabcecjoebgaoofijogllcpfkai"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6f,6e,6c,66,70,66,67,62,6c,63,00,00

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5E0D790-0328-6E83-BA75-CE581B58000B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pabbgidbgmnfcialmmojcepgpbpgbbjn"=hex:61,62,6b,6e,6b,6a,6c,6a,64,65,65,6d,68,
64,6b,6f,6f,63,61,63,65,66,6e,6b,64,6e,69,65,63,65,68,63,64,62,00,47

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,
d8,12,f2,c8,28,51,af,b0,29,a3,98,81,44,76,ac,2b,fd,57,1b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,
66,67,75,71,3b,04,66,8b,46,0d,96,9d,69,59,06,95,af,c3,b2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,64,06,cf,27,
51,23,29,25,da,ec,7e,55,20,c9,26,92,87,b0,92,31,16,17,90,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,da,cb,98,c5,35,
70,56,26,3e,1e,9e,e0,57,5a,93,61,93,7b,db,ec,91,42,93,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,16,fb,66,e8,9f,
f4,6a,e6,cd,44,cd,b9,a6,33,6c,cd,71,28,a9,72,58,d9,5e,fe,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e3,3b,1d,e3,ea,
8d,71,67,b0,18,ed,a7,3f,8d,37,a4,55,62,3e,9a,b5,d2,e8,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,fa,8c,48,14,5a,
ca,97,b9,31,77,e1,ba,b1,f8,68,02,4a,2d,f1,b3,5f,d1,61,5b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,88,5a,62,9a,
43,cf,27,83,6c,56,8b,a0,85,96,ab,45,0b,81,f4,c6,b2,de,f0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,aa,f1,64,2b,c6,
4f,a2,73,51,fa,6e,91,28,9e,14,cc,e8,43,70,67,8c,62,db,5d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,2e,29,59,36,9d,
a5,af,b8,e3,0e,66,d5,eb,bc,2f,6b,e9,98,75,5c,f1,de,8d,af,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,f5,89,2c,49,ad,
da,a4,67,fa,ea,66,7f,d4,3b,6b,70,66,f3,d3,3e,0c,de,60,76,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(420)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-22 20:30
ComboFix-quarantined-files.txt 2009-06-22 18:30

Před spuštěním: Volných bajtů: 69,550,612,480
Po spuštění: Volných bajtů: 69,454,344,192

380 --- E O F --- 2009-05-13 13:08


Re: Please check my RSIT log

Post by legendaryboy » 22 Jun 2009 21:35

ComboFix 09-06-21.01 - Petr 2009-06-22 20:36.23 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1185 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090621-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-05-22 do 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\windows\system32\bfubackups
2009-06-22 17:43 . 2009-06-22 17:45 -------- d-----w- C:\bbfu
2009-06-20 17:53 . 2009-06-20 17:53 -------- d-----w- C:\rsit
2009-06-20 10:01 . 2009-06-20 11:46 -------- d-----w- c:\program files\ICQ6.5
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- c:\program files\Adobe Media Player
2009-06-01 18:00 . 2009-06-07 19:06 -------- d-----w- c:\program files\FotoLapse
2009-06-01 17:16 . 2009-06-01 17:16 407047 ----a-w- c:\windows\system32\mioengine.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 18:06 . 2001-10-25 14:00 530496 ----a-w- c:\windows\system32\perfh005.dat
2009-06-22 18:06 . 2001-10-25 14:00 119168 ----a-w- c:\windows\system32\perfc005.dat
2009-06-22 17:33 . 2008-07-21 19:01 -------- d-----w- c:\program files\Common Files\Akamai
2009-06-22 17:32 . 2008-05-15 20:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-06-20 16:35 . 2008-06-16 17:43 -------- d-----w- c:\program files\MediaCoder iPhone Edition
2009-06-20 10:02 . 2007-10-25 09:30 -------- d-----w- c:\program files\ICQ6
2009-06-07 19:41 . 2008-12-07 19:05 -------- d-----w- c:\program files\Orbitdownloader
2009-06-01 16:09 . 2008-01-05 11:17 -------- d-----w- c:\program files\Google
2009-05-31 16:49 . 2008-06-05 16:28 -------- d-----w- c:\program files\MozyHome
2009-05-25 18:02 . 2009-05-25 18:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-22 16:41 . 2009-03-02 15:11 -------- d-----w- c:\program files\SpywareBlaster
2009-05-19 19:26 . 2009-05-19 19:25 -------- d-----w- c:\program files\Dobrý farmář
2009-05-17 11:44 . 2009-05-17 11:44 -------- d-----w- c:\program files\Bagger-Simulator 2008
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\program files\Cogs
2009-05-16 12:44 . 2009-05-16 12:43 -------- d-----w- c:\program files\iPhoneRingToneMaker
2009-05-15 18:57 . 2009-03-02 15:10 -------- d-----w- c:\program files\Lavasoft
2009-05-15 11:04 . 2008-06-05 16:28 53240 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-05-12 16:24 . 2009-02-05 16:35 83616 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-05-12 11:17 . 2009-03-03 15:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-12 09:45 . 2007-10-25 21:01 -------- d-----w- c:\program files\MediaCoder
2009-05-11 10:43 . 2009-01-18 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 17:50 . 2009-04-28 15:22 -------- d-----w- c:\program files\Microsoft Research
2009-05-06 17:03 . 2009-05-06 17:03 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-05 22:31 . 2009-05-25 18:01 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-29 09:27 . 2007-10-25 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-28 15:17 . 2007-10-03 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 15:08 . 2007-10-14 20:53 -------- d-----w- c:\program files\MSBuild
2009-04-28 15:08 . 2007-10-14 20:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-07 17:02 . 2009-04-07 17:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-04-07 17:02 . 2008-06-15 18:58 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-07 17:02 . 2008-06-15 18:58 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-07 17:02 . 2009-04-07 17:02 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-04-06 15:53 . 2009-04-06 15:53 737280 ----a-w- c:\windows\iun6002.exe
2009-04-06 13:32 . 2009-01-18 20:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 20:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 13:21 . 2009-05-25 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2008-01-08 18:47 . 2008-01-08 18:47 61 --sh--w- c:\windows\cnerolf.bin
2009-02-18 16:59 . 2009-02-18 16:47 907296 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-06-22_18.28.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_e48.dat
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_a84.dat
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_904.dat
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_72c.dat
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_618.dat
+ 2009-06-22 18:32 . 2009-06-22 18:32 16384 c:\windows\temp\Perflib_Perfdata_4a0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-2-4 163840]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-3-7 1080264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2689:TCP"= 2689:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2020:TCP"= 2020:TCP:Akamai NetSession Interface
"1282:TCP"= 1282:TCP:Akamai NetSession Interface
"3044:TCP"= 3044:TCP:Akamai NetSession Interface
"4370:TCP"= 4370:TCP:Akamai NetSession Interface
"1992:TCP"= 1992:TCP:Akamai NetSession Interface
"3773:TCP"= 3773:TCP:Akamai NetSession Interface
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"1279:TCP"= 1279:TCP:Akamai NetSession Interface
"2027:TCP"= 2027:TCP:Akamai NetSession Interface
"4771:TCP"= 4771:TCP:Akamai NetSession Interface
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"2666:TCP"= 2666:TCP:Akamai NetSession Interface
"2851:TCP"= 2851:TCP:Akamai NetSession Interface
"4510:TCP"= 4510:TCP:Akamai NetSession Interface
"4689:TCP"= 4689:TCP:Akamai NetSession Interface
"4875:TCP"= 4875:TCP:Akamai NetSession Interface
"2309:TCP"= 2309:TCP:Akamai NetSession Interface
"3579:TCP"= 3579:TCP:Akamai NetSession Interface
"3829:TCP"= 3829:TCP:Akamai NetSession Interface
"1879:TCP"= 1879:TCP:Akamai NetSession Interface
"2574:TCP"= 2574:TCP:Akamai NetSession Interface
"2410:TCP"= 2410:TCP:Akamai NetSession Interface
"3116:TCP"= 3116:TCP:Akamai NetSession Interface
"4933:TCP"= 4933:TCP:Akamai NetSession Interface
"1414:TCP"= 1414:TCP:Akamai NetSession Interface
"2490:TCP"= 2490:TCP:Akamai NetSession Interface
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"1969:TCP"= 1969:TCP:Akamai NetSession Interface
"4369:TCP"= 4369:TCP:Akamai NetSession Interface
"2241:TCP"= 2241:TCP:Akamai NetSession Interface
"1715:TCP"= 1715:TCP:Akamai NetSession Interface
"2228:TCP"= 2228:TCP:Akamai NetSession Interface
"2733:TCP"= 2733:TCP:Akamai NetSession Interface
"4303:TCP"= 4303:TCP:Akamai NetSession Interface
"1353:TCP"= 1353:TCP:Akamai NetSession Interface
"1763:TCP"= 1763:TCP:Akamai NetSession Interface
"4185:TCP"= 4185:TCP:Akamai NetSession Interface
"3064:TCP"= 3064:TCP:Akamai NetSession Interface
"1147:TCP"= 1147:TCP:Akamai NetSession Interface
"3551:TCP"= 3551:TCP:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:Akamai NetSession Interface
"1351:TCP"= 1351:TCP:Akamai NetSession Interface
"2892:TCP"= 2892:TCP:Akamai NetSession Interface
"2655:TCP"= 2655:TCP:Akamai NetSession Interface
"3710:TCP"= 3710:TCP:Akamai NetSession Interface
"1179:TCP"= 1179:TCP:Akamai NetSession Interface
"1751:TCP"= 1751:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"2405:TCP"= 2405:TCP:Akamai NetSession Interface
"2773:TCP"= 2773:TCP:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-02 28544]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-04-07 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-04-07 971552]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-27 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-27 65576]
R3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S1 amdtools;AMD Special Tools Driver; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 NRKCTL32;NRKCTL32; [x]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 SetupNTGLM7X;SetupNTGLM7X; [x]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]
S4 COM Service;COM Service;"c:\program files\GIGABYTE\C.O.M\GCSVR.EXE" --> c:\program files\GIGABYTE\C.O.M\GCSVR.EXE [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-21 c:\windows\Tasks\20090323_202000_Petr.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 20:44
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet132\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{474415E1-AF1A-A200-48AF-54150B2D4BA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panifpacfhnpkeclcmgimcbofgaejjee"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6d,6e,6e,61,61,66,70,63,6c,69,00,47
"padhieabcecjoebgaoofijogllcpfkai"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6f,6e,6c,66,70,66,67,62,6c,63,00,00

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5E0D790-0328-6E83-BA75-CE581B58000B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pabbgidbgmnfcialmmojcepgpbpgbbjn"=hex:61,62,6b,6e,6b,6a,6c,6a,64,65,65,6d,68,
64,6b,6f,6f,63,61,63,65,66,6e,6b,64,6e,69,65,63,65,68,63,64,62,00,47

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,
d8,12,f2,c8,28,51,af,b0,29,a3,98,81,44,76,ac,2b,fd,57,1b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,
66,67,75,71,3b,04,66,8b,46,0d,96,9d,69,59,06,95,af,c3,b2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,64,06,cf,27,
51,23,29,25,da,ec,7e,55,20,c9,26,92,87,b0,92,31,16,17,90,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,da,cb,98,c5,35,
70,56,26,3e,1e,9e,e0,57,5a,93,61,93,7b,db,ec,91,42,93,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,16,fb,66,e8,9f,
f4,6a,e6,cd,44,cd,b9,a6,33,6c,cd,71,28,a9,72,58,d9,5e,fe,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e3,3b,1d,e3,ea,
8d,71,67,b0,18,ed,a7,3f,8d,37,a4,55,62,3e,9a,b5,d2,e8,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,fa,8c,48,14,5a,
ca,97,b9,31,77,e1,ba,b1,f8,68,02,4a,2d,f1,b3,5f,d1,61,5b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,88,5a,62,9a,
43,cf,27,83,6c,56,8b,a0,85,96,ab,45,0b,81,f4,c6,b2,de,f0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,aa,f1,64,2b,c6,
4f,a2,73,51,fa,6e,91,28,9e,14,cc,e8,43,70,67,8c,62,db,5d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,2e,29,59,36,9d,
a5,af,b8,e3,0e,66,d5,eb,bc,2f,6b,e9,98,75,5c,f1,de,8d,af,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,f5,89,2c,49,ad,
da,a4,67,fa,ea,66,7f,d4,3b,6b,70,66,f3,d3,3e,0c,de,60,76,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1012)
c:\windows\TrnOEH.dll
c:\program files\MozyHome\mozyshell.dll
c:\windows\system32\msi.dll
.
Celkový čas: 2009-06-22 20:48
ComboFix-quarantined-files.txt 2009-06-22 18:48
ComboFix2.txt 2009-06-22 18:30

Před spuštěním: Volných bajtů: 69,543,501,824
Po spuštění: Volných bajtů: 69,445,832,704

391 --- E O F --- 2009-05-13 13:08


Re: Please check my RSIT log

Post by legendaryboy » 22 Jun 2009 21:40

I see that "Akamai NetSession Interface" is still there.... I don't know what it means, but I don't like it! :evil: I'm going to delete them manually and turn on the Windows firewall.


Re: Please check my RSIT log

Post by jaro3 » 22 Jun 2009 21:51

Yeah, I'll look at it tomorrow and prepare a script, I won't manage it today..
Sunbelt Personal Firewall - if you install a firewall other than the Windows one, then before the installation of Kerio (and others) the Windows firewall gets switched off, that's normal - they cannot both run.
So, tomorrow...
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Please check my RSIT log

Post by jaro3 » 23 Jun 2009 09:40

What is Akamai NetSession Interface?
Akamai NetSession Interface is networking software, distributed by Akamai, that significantly improves the quality and speed of the downloads and video streams you get from websites that support Akamai technology. Akamai NetSession Interface handles caching, which means it also sends files delivered to you via the Akamai network. This software is safe and reliable, contains no spyware or adware, and never will. It can also be easily removed if you no longer wish to use it (see 'How do I uninstall Akamai NetSession Interface?').
How do I uninstall Akamai NetSession Interface?
Windows: Akamai NetSession Interface is a network library integrated into other applications. When any of these applications is uninstalled, the library uninitializes. If you wish to uninstall Akamai NetSession Interface, go to the AdminTool found at C:\Program Files\Common Files\Akamai\AdminTool.exe

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text, marked in green, into it:
Note: Do not use SELECT ALL to select the script


KillAll::
File::
c:\windows\iun6002.exe
c:\windows\cnerolf.bin

Driver::
pavboot;pavboot
pavboot
HDD Temperature Service
HDD Temperature;HDD Temperature Service
NRKCTL32;NRKCTL32
NRKCTL32
SetupNTGLM7X;SetupNTGLM7X
SetupNTGLM7X

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,
d8,12,f2,c8,28,51,af,b0,29,a3,98,81,44,76,ac,2b,fd,57,1b,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,
66,67,75,71,3b,04,66,8b,46,0d,96,9d,69,59,06,95,af,c3,b2,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,64,06,cf,27,
51,23,29,25,da,ec,7e,55,20,c9,26,92,87,b0,92,31,16,17,90,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,da,cb,98,c5,35,
70,56,26,3e,1e,9e,e0,57,5a,93,61,93,7b,db,ec,91,42,93,ee,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,16,fb,66,e8,9f,
f4,6a,e6,cd,44,cd,b9,a6,33,6c,cd,71,28,a9,72,58,d9,5e,fe,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e3,3b,1d,e3,ea,
8d,71,67,b0,18,ed,a7,3f,8d,37,a4,55,62,3e,9a,b5,d2,e8,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,fa,8c,48,14,5a,
ca,97,b9,31,77,e1,ba,b1,f8,68,02,4a,2d,f1,b3,5f,d1,61,5b,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,88,5a,62,9a,
43,cf,27,83,6c,56,8b,a0,85,96,ab,45,0b,81,f4,c6,b2,de,f0,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,aa,f1,64,2b,c6,
4f,a2,73,51,fa,6e,91,28,9e,14,cc,e8,43,70,67,8c,62,db,5d,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,2e,29,59,36,9d,
a5,af,b8,e3,0e,66,d5,eb,bc,2f,6b,e9,98,75,5c,f1,de,8d,af,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,f5,89,2c,49,ad,
da,a4,67,fa,ea,66,7f,d4,3b,6b,70,66,f3,d3,3e,0c,de,60,76,6c,43,2d,1e,aa,22,\

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here + a new HJT log
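As an added illustration (not code from this thread and not part of ComboFix), a small Python parser for the Windows Firewall policy section that ComboFix prints in the logs here: it reports whether the Windows firewall is enabled, groups the globally open ports by the program that registered them, and flags inbound ICMP echo. The section names and line formats follow the log; the sample lines are constructed after it.

```python
"""Parser for the Windows Firewall policy section of a ComboFix log.

Added example; it is not code from this thread and not part of ComboFix.
It reads the lines ComboFix prints under
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile...]
and summarises them the way a log reviewer would.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the firewall section of the log in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2428:TCP"= 2428:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
ECHO_RE = re.compile(r'^"AllowInboundEchoRequest"=\s*(\d+)')
APP_RE = re.compile(r'^"(.+)"=\s*$')                                   # "path"=
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')  # "port:proto"= port:proto:owner


@dataclass
class FirewallPolicy:
    enabled: Optional[bool] = None            # None when the key was not in the log
    authorized_apps: List[str] = field(default_factory=list)
    open_ports: List[Tuple[int, str, str]] = field(default_factory=list)  # (port, proto, owner)
    allow_inbound_echo: Optional[bool] = None


def parse_firewall_policy(log_text: str) -> FirewallPolicy:
    """Walk the log line by line, keeping track of the current [section]."""
    policy = FirewallPolicy()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if "firewallpolicy" not in section:
            continue                                  # other registry dumps in the log
        if section.endswith("\\standardprofile"):
            m = ENABLE_RE.match(line)
            if m:
                policy.enabled = m.group(1) != "0"
        elif section.endswith("\\authorizedapplications\\list"):
            m = APP_RE.match(line)
            if m:                                     # ComboFix doubles the backslashes
                policy.authorized_apps.append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("\\globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                policy.open_ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif section.endswith("\\icmpsettings"):
            m = ECHO_RE.match(line)
            if m:
                policy.allow_inbound_echo = m.group(1) != "0"
    return policy


def ports_by_owner(policy: FirewallPolicy) -> Dict[str, List[str]]:
    """Group the globally open ports by the program name that registered them."""
    owners: Dict[str, List[str]] = defaultdict(list)
    for port, proto, owner in sorted(policy.open_ports):
        owners[owner].append(f"{port}/{proto}")
    return dict(owners)


def review(policy: FirewallPolicy) -> List[str]:
    """Points a log reviewer would raise from this section alone."""
    notes: List[str] = []
    if policy.enabled is False:
        notes.append("Windows Firewall is off (EnableFirewall=0); acceptable only if "
                     "another host firewall is confirmed to be running")
    for owner, ports in ports_by_owner(policy).items():
        if len(ports) > 1:
            notes.append(f"{owner!r} holds {len(ports)} globally open ports: {', '.join(ports)}")
    if policy.allow_inbound_echo:
        notes.append("inbound ICMP echo is allowed, so the host answers ping from any network")
    return notes


if __name__ == "__main__":
    for note in review(parse_firewall_policy(SAMPLE_LOG)):
        print("-", note)
```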


Re: Please check my RSIT log

Post by legendaryboy » 23 Jun 2009 21:57

Phew, it took me quite an effort to get this ComboFix log: 3 hours of restarting and trying to find out why ComboFix didn't want to run to the end and why it didn't want to produce a log. I'll add the HJT log as soon as possible.

ComboFix 09-06-21.01 - Petr 2009-06-23 21:03.26 - NTFSx86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2046.1694 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090623-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"c:\windows\cnerolf.bin"
"c:\windows\iun6002.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PAVBOOT
-------\Legacy_SETUPNTGLM7X
-------\Service_NRKCTL32
-------\Service_pavboot
-------\Service_SetupNTGLM7X


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-23 do 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 19:00 . 2009-06-23 19:00 -------- d-----w- c:\windows\LastGood
2009-06-22 17:52 . 2009-06-22 17:52 -------- d-----w- c:\windows\system32\bfubackups
2009-06-22 17:43 . 2009-06-22 17:45 -------- d-----w- C:\bbfu
2009-06-20 10:01 . 2009-06-20 11:46 -------- d-----w- c:\program files\ICQ6.5
2009-06-09 19:37 . 2009-06-09 19:37 -------- d-----w- c:\program files\Adobe Media Player
2009-06-01 18:00 . 2009-06-07 19:06 -------- d-----w- c:\program files\FotoLapse
2009-06-01 17:16 . 2009-06-01 17:16 407047 ----a-w- c:\windows\system32\mioengine.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 19:00 . 2001-10-25 14:00 530496 ----a-w- c:\windows\system32\perfh005.dat
2009-06-23 19:00 . 2001-10-25 14:00 119168 ----a-w- c:\windows\system32\perfc005.dat
2009-06-23 18:07 . 2008-07-21 19:01 -------- d-----w- c:\program files\Common Files\Akamai
2009-06-23 18:06 . 2008-05-15 20:31 -------- d-----w- c:\program files\Mozilla Firefox 3 Beta 5
2009-06-20 16:35 . 2008-06-16 17:43 -------- d-----w- c:\program files\MediaCoder iPhone Edition
2009-06-20 10:02 . 2007-10-25 09:30 -------- d-----w- c:\program files\ICQ6
2009-06-07 19:41 . 2008-12-07 19:05 -------- d-----w- c:\program files\Orbitdownloader
2009-06-01 16:09 . 2008-01-05 11:17 -------- d-----w- c:\program files\Google
2009-05-31 16:49 . 2008-06-05 16:28 -------- d-----w- c:\program files\MozyHome
2009-05-25 18:02 . 2009-05-25 18:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-22 16:41 . 2009-03-02 15:11 -------- d-----w- c:\program files\SpywareBlaster
2009-05-19 19:26 . 2009-05-19 19:25 -------- d-----w- c:\program files\Dobrý farmář
2009-05-17 11:44 . 2009-05-17 11:44 -------- d-----w- c:\program files\Bagger-Simulator 2008
2009-05-16 20:15 . 2009-05-16 20:15 -------- d-----w- c:\program files\Cogs
2009-05-16 12:44 . 2009-05-16 12:43 -------- d-----w- c:\program files\iPhoneRingToneMaker
2009-05-15 18:57 . 2009-03-02 15:10 -------- d-----w- c:\program files\Lavasoft
2009-05-15 11:04 . 2008-06-05 16:28 53240 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-05-12 16:24 . 2009-02-05 16:35 83616 ----a-w- C:\GDIPFONTCACHEV1.DAT
2009-05-12 11:17 . 2009-03-03 15:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-12 09:45 . 2007-10-25 21:01 -------- d-----w- c:\program files\MediaCoder
2009-05-11 10:43 . 2009-01-18 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-07 15:33 . 2004-08-17 13:49 346624 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 17:50 . 2009-04-28 15:22 -------- d-----w- c:\program files\Microsoft Research
2009-05-06 17:03 . 2009-05-06 17:03 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-05-05 22:31 . 2009-05-25 18:01 2402304 ----a-w- c:\windows\system32\x264vfw.dll
2009-04-29 09:27 . 2007-10-25 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2009-04-28 15:17 . 2007-10-03 21:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-28 15:08 . 2007-10-14 20:53 -------- d-----w- c:\program files\MSBuild
2009-04-28 15:08 . 2007-10-14 20:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-04-19 19:52 . 2004-08-17 13:44 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:54 . 2004-08-17 13:49 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 17:02 . 2009-04-07 17:02 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-04-07 17:02 . 2008-06-15 18:58 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-04-07 17:02 . 2008-06-15 18:58 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-04-07 17:02 . 2009-04-07 17:02 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-04-06 13:32 . 2009-01-18 20:48 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-01-18 20:48 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-02 13:21 . 2009-05-25 18:01 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-02-18 16:59 . 2009-02-18 16:47 907296 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-05-15 11:04 2833208 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-15 270128]
"OEXPRESS"="c:\windows\OETRN.EXE" [2007-10-17 26624]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-09-10 1188152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-11-04 413696]
"Startup Cleaner"="c:\program files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe" [2006-10-08 122880]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-12-16 4375032]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-12-16 962128]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-12-16 165144]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 171008]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-23 16804864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\
PdaNet Desktop.lnk - c:\program files\PdaNet for iPhone\PdaNetPC.exe [2009-2-4 163840]
Total Commander.lnk - c:\program files\totalcmd\TOTALCMD.EXE [2008-3-7 1080264]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-5-15 2871608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Ralink Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Metacafe.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"36X Raid Configurer"=c:\windows\system32\JMRaidSetup.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 5\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"f:\\Games\\[ PC Games ] - Age of Empires II(FULL)\\empires2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\SbPFCl.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\MirandaPortable\\App\\miranda\\miranda32.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2402:TCP"= 2402:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"2428:TCP"= 2428:TCP:Akamai NetSession Interface
"1058:TCP"= 1058:TCP:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-02 64160]
R0 RRamdisk;Ramdisk Driver;c:\windows\system32\drivers\rramdisk.sys [2009-01-08 12288]
R0 secdir;Folder Security Personal;c:\windows\system32\secdir.sys [2008-08-16 70656]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-04-07 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-04-07 971552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-02-27 270888]
S1 amdtools;AMD Special Tools Driver; [x]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-28 114768]
S1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [2008-06-05 53240]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-17 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-28 20560]
S2 gupdate1c9aa39b7cae9da;Google Update Service (gupdate1c9aa39b7cae9da);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S2 HDD Temperature;HDD Temperature Service; [x]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-10-20 596840]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-03-01 603904]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2007-10-09 20856]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2008-07-28 4134]
S3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2006-11-01 3328]
S3 PhTVTune;TCL2002 TV Tuner;c:\windows\system32\drivers\phtvtune.sys [2008-07-27 19904]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-02-04 9472]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-02-27 65576]
S3 tenCapture;tenCapture;c:\windows\system32\drivers\tenCapture.sys [2007-04-21 9344]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [2009-01-21 23600]
S4 COM Service;COM Service;"c:\program files\GIGABYTE\C.O.M\GCSVR.EXE" --> c:\program files\GIGABYTE\C.O.M\GCSVR.EXE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECABE060-DAD2-D904-EED9-EF6419549337}]
c:\windows\system32\svchost.exe
.
Obsah adresáře 'Naplánované úlohy'

2009-06-23 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]

2009-06-21 c:\windows\Tasks\20090323_202000_Petr.job
- c:\program files\Nero\Nero8\Nero BackItUp\BackItUp.exe [2007-08-08 08:24]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí Net Transportu - c:\program files\Xi\NetTransport 2\NTAddLink.html
IE: Stáhnout vše pomocí &Net Transportu - c:\program files\Xi\NetTransport 2\NTAddList.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} - hxxp://193.165.78.6/VatDec.cab
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 21:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\$FSPINI$.DAT 1024 bytes
c:\windows\system32\FLOCKER.ACL 0 bytes
c:\windows\system32\Flocker.USR 444 bytes

sken byl úspešně dokončen
skryté soubory: 3

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet132\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{474415E1-AF1A-A200-48AF-54150B2D4BA0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panifpacfhnpkeclcmgimcbofgaejjee"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6d,6e,6e,61,61,66,70,63,6c,69,00,47
"padhieabcecjoebgaoofijogllcpfkai"=hex:61,62,69,67,63,6f,6d,64,67,6f,70,6c,62,
70,70,67,6b,6c,62,6e,67,6e,66,64,6f,6e,6c,66,70,66,67,62,6c,63,00,00

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5E0D790-0328-6E83-BA75-CE581B58000B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pabbgidbgmnfcialmmojcepgpbpgbbjn"=hex:61,62,6b,6e,6b,6a,6c,6a,64,65,65,6d,68,
64,6b,6f,6f,63,61,63,65,66,6e,6b,64,6e,69,65,63,65,68,63,64,62,00,47

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,d4,3a,33,d3,89,92,d0,4d,ca,e0,c0,34,33,2c,9a,e2,a4,04,0d,d8,42,d6,
25,64,5e,0d,23,f4,92,d9,b6,16,8d,1c,12,4d,ab,4d,08,53,fa,3f,3b,c4,05,08,3a,\
"??"=hex:02,79,70,68,17,b4,8f,d8,a0,cb,70,02,f9,7f,5f,53

[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,df,b9,c4,97,53,a6,37,e5,b9,75,ca,a1,e1,ed,7d,15,1a,f1,7d,82,
2d,19,55,b7,85,26,45,37,7c,d6,f0,ef,b7,15,a4,56,87,59,44,93,32,27,4a,c9,01,\
"rkeysecu"=hex:7b,72,96,fc,88,1e,5a,a0,13,5b,4e,03,6d,02,78,63

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,
d8,12,f2,c8,28,51,af,b0,29,a3,98,81,44,76,ac,2b,fd,57,1b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,
66,67,75,71,3b,04,66,8b,46,0d,96,9d,69,59,06,95,af,c3,b2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,24,64,06,cf,27,
51,23,29,25,da,ec,7e,55,20,c9,26,92,87,b0,92,31,16,17,90,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,da,cb,98,c5,35,
70,56,26,3e,1e,9e,e0,57,5a,93,61,93,7b,db,ec,91,42,93,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,16,fb,66,e8,9f,
f4,6a,e6,cd,44,cd,b9,a6,33,6c,cd,71,28,a9,72,58,d9,5e,fe,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e3,3b,1d,e3,ea,
8d,71,67,b0,18,ed,a7,3f,8d,37,a4,55,62,3e,9a,b5,d2,e8,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,fa,8c,48,14,5a,
ca,97,b9,31,77,e1,ba,b1,f8,68,02,4a,2d,f1,b3,5f,d1,61,5b,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,d9,88,5a,62,9a,
43,cf,27,83,6c,56,8b,a0,85,96,ab,45,0b,81,f4,c6,b2,de,f0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,aa,f1,64,2b,c6,
4f,a2,73,51,fa,6e,91,28,9e,14,cc,e8,43,70,67,8c,62,db,5d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,33,43,be,b6,59,
15,79,0f,b1,cd,45,5a,a8,c4,f8,b9,88,df,a0,f4,43,7f,51,96,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,2e,29,59,36,9d,
a5,af,b8,e3,0e,66,d5,eb,bc,2f,6b,e9,98,75,5c,f1,de,8d,af,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,f5,89,2c,49,ad,
da,a4,67,fa,ea,66,7f,d4,3b,6b,70,66,f3,d3,3e,0c,de,60,76,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(420)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-06-23 21:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-06-23 19:12

Před spuštěním: Volných bajtů: 69,330,202,624
Po spuštění: Volných bajtů: 69,236,318,208

329 --- E O F --- 2009-06-23 18:37

Re: Please check my RSIT log

Post by legendaryboy » 23 Jun 2009 22:01

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52, on 2009-06-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe
O4 - Startup: Total Commander.lnk = C:\Program Files\totalcmd\TOTALCMD.EXE
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Orbit.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Stáhnout vše pomocí &Net Transportu - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://193.165.78.6/VatDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5919371546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1786278468
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9aa39b7cae9da) (gupdate1c9aa39b7cae9da) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature Service (HDD Temperature) - Windows (R) Server 2003 DDK provider - (no file)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 14984 bytes
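As an added example (not code from this thread and not part of HijackThis), here is a small Python triage script run over ten lines copied from the HJT log above. It extracts the section code, CLSID and file path of each entry and applies three heuristics an analyst would read first: services whose owner HJT could not identify or whose binary is missing, modules loaded straight from the Windows directory rather than system32 or Program Files, and CLSIDs registered once with a real module and once as "(no file)". The heuristics and the function names are my own choice; they rank lines for a human to look at and do not decide that anything is malicious.

```python
"""Triage helper for HijackThis 2.0.2 log lines.

Added example: not code from the forum thread or from HijackThis. The
three heuristics below are my own choice of what to read first; they
rank lines for a human, they do not declare anything malicious.
"""
import re

# Constructed sample: ten lines copied from the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HDD Temperature Service (HDD Temperature) - Windows (R) Server 2003 DDK provider - (no file)
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")                 # "O23 - Service: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                    # {8-4-4-4-12}
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll))", re.IGNORECASE)
WINDIR_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(?:exe|dll)$", re.IGNORECASE)


def parse_hjt(text):
    """One dict per HJT entry: section code, body, CLSID (or None), path (or None)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(1) if path else ("(no file)" if "(no file)" in body else None),
        })
    return entries


def flag_services(entries):
    """O23 services whose owner HJT could not identify or whose binary is gone."""
    flagged = []
    for e in entries:
        if e["section"] != "O23":
            continue
        parts = e["body"].rsplit(" - ", 2)          # "Service: NAME - OWNER - PATH"
        if len(parts) != 3:
            continue
        name, owner, path = parts
        if name.startswith("Service: "):
            name = name[len("Service: "):]
        if owner == "Unknown owner" or path == "(no file)":
            flagged.append((name, owner, path))
    return flagged


def windows_root_modules(entries):
    """Modules sitting directly in %WINDIR% rather than system32 or Program Files.

    Heuristic only: some vendors do install there, but it is a cheap place to look."""
    return sorted({e["path"] for e in entries if e["path"] and WINDIR_RE.match(e["path"])})


def stale_clsids(entries):
    """CLSIDs registered both with a real module and as '(no file)': usually the
    leftover of an add-on that was only partly removed."""
    by_clsid = {}
    for e in entries:
        if e["clsid"]:
            by_clsid.setdefault(e["clsid"], set()).add(e["path"])
    return sorted(c for c, paths in by_clsid.items()
                  if "(no file)" in paths and any(p and p != "(no file)" for p in paths))


def triage(text):
    entries = parse_hjt(text)
    return {"services": flag_services(entries),
            "windir_modules": windows_root_modules(entries),
            "stale_clsids": stale_clsids(entries)}


if __name__ == "__main__":
    for label, hits in triage(SAMPLE_LOG).items():
        print(label, hits)
```

On the sample, the script lists the two "Unknown owner" services and the service with no file, the two modules loaded from C:\WINDOWS itself (WebIE.dll and OETRN.EXE), and the WebTranslator CLSID that is still referenced by an O9 button whose file is gone. Each hit is a line to research, not a verdict.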

Re: Please check my RSIT log

Post by jaro3 (Security team member) » 24 Jun 2009 08:20

Download TFC
http://oldtimer.geekstogo.com/TFC.exe
Open the file and close all other windows, then click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it does not, restart it yourself.

TFC (Temp File Cleaner) only cleans Temp folders; it does not clean URLs, history, prefetch or cookies. It completely removes all temporary files where other cleaners may fail. It cleans all folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService and every other user account folder. It also cleans the %systemroot%\temp folder and checks for .tmp files in the root of %systemdrive%, in %systemroot% and in the system32 folder (both 32-bit and 64-bit on 64-bit OSes). It shows the amount removed for each location (in bytes) and the total removed (in MB). Before it runs, it stops Explorer and all other running applications. When it finishes, the user must reboot if asked to, so that any temp files that were in use are also removed.
******************************************************************************************************************************************
Right-click My Computer, choose Properties - Advanced - Startup and Recovery (Settings) - Edit. You should have the following text there; if not, delete everything and copy and paste this text:

Code:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Click OK.
******************************************************************************************************************************************
Go to this web page: http://support.microsoft.com/kb/310994

- At the bottom of the page, click the download link for the Recovery Console installer that matches the type (Windows XP Home/Professional) and version (no Service Pack / Service Pack 1 / Service Pack 2, which also applies to SP3) of your operating system. Download the installer to the same location where you have ComboFix saved (the desktop).
- Drag the downloaded installer with the mouse onto ComboFix and drop it.
- Follow the on-screen instructions and accept the licence terms to start installing the console.
- At the next prompt, click Yes and ComboFix will additionally scan your computer.
- After the scan, which takes at most 10 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents here.
******************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text, marked in green, into it:
Note: do not use SELECT ALL to select the script

Code:

RegNull::
[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{474415E1-AF1A-A200-48AF-54150B2D4BA0}*]
[HKEY_USERS\S-1-5-21-1220945662-606747145-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5E0D790-0328-6E83-BA75-CE581B58000B}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
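The CFScript above hand-lists the registry keys that ComboFix marked with a trailing `*` in the dump earlier in the thread. As an added example (not part of the thread and not ComboFix's own code), this Python snippet parses a ComboFix-style key dump and a CFScript and cross-checks the RegNull:: list against the marked keys, so that copying mistakes surface before the script is run: a listed key that is not in the dump, a marked key that was left out, a listed key that is not marked, and stray leading whitespace on key lines (the posted script has two such lines). The sample dump and script are constructed from fragments of the logs above, with the hex blobs truncated and one ordinary unmarked key that I made up for contrast; the snippet compares texts only and does not interpret or apply any directive.

```python
"""Cross-check a CFScript RegNull:: list against a ComboFix-style registry dump.

Added example: not the thread's code and not part of ComboFix. It only
compares the two texts; it does not interpret or apply the directives.
"""
import re

KEY_RE = re.compile(r"^\[(.+?)\]$")        # "[HKEY_...\InprocServer32*]"

# Constructed sample dump: two marked keys with value lines copied from the
# ComboFix output above (hex blobs truncated), the AllowedPaths* key, and one
# ordinary unmarked key that I made up for contrast.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,b0,46,df,66,96,

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,19,ca,a0,33,

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Nls\net\AllowedPaths*]
@=hex:f1,ef,1c,47,00,00,00,00

[HKEY_LOCAL_MACHINE\software\Example\UnmarkedKey]
"Example"="constructed"
.
"""

# Constructed CFScript in the shape of the one posted above: the first two keys
# are in the sample dump, the third is not, and the second carries the stray
# leading space that also appears in the post.
SAMPLE_SCRIPT = r"""
RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"""


def parse_dump(text):
    """Map each registry key in the dump to the list of value lines under it."""
    keys, current = {}, None
    for line in text.splitlines():
        s = line.strip()
        m = KEY_RE.match(s)
        if m:
            current = m.group(1)
            keys[current] = []
        elif current is not None and s and s != ".":   # "." ends a ComboFix section
            keys[current].append(s)
    return keys


def parse_cfscript(text):
    """Split a CFScript into {directive: [lines]}; directive headers end with '::'."""
    sections, current = {}, None
    for line in text.splitlines():
        s = line.strip()             # tolerate the leading spaces seen in the post
        if not s:
            continue
        if s.endswith("::"):
            current = s[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(s)
    return sections


def cross_check(dump_text, script_text):
    """Compare the RegNull:: list with the keys the dump marks with a trailing '*'."""
    dump = parse_dump(dump_text)
    listed = {l.strip("[]") for l in parse_cfscript(script_text).get("RegNull", [])}
    marked = {k for k in dump if k.endswith("*")}
    present = listed & set(dump)
    return {
        "listed_not_in_dump": sorted(listed - set(dump)),
        "marked_not_listed": sorted(marked - listed),
        "listed_unmarked": sorted(k for k in present if not k.endswith("*")),
        "values_per_listed_key": {k: len(dump[k]) for k in sorted(present)},
    }


if __name__ == "__main__":
    for label, result in cross_check(SAMPLE_DUMP, SAMPLE_SCRIPT).items():
        print(label, result)
```

On the sample, the DE5654CA key is reported as listed but absent from this dump, the AllowedPaths* key as marked but not listed, and both present keys as carrying three value lines each. Whether a difference matters is for the person writing the script to decide; the point of the check is that the difference is visible before ComboFix runs.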

Re: Please check my RSIT log

Post by legendaryboy » 24 Jun 2009 18:25

Just for information, I don't know whether it can be read somewhere in those log text files, but I have restricted the startup of some programs via msconfig, because I experimented a bit, and it seemed to me that restricting the startup of those programs at boot solved the problems a little. See picture

I don't know whether it might cause trouble, I don't understand it all that much; so should I leave msconfig as it is, or set it to "normal startup"? :eh:
MSconfig.GIF
MSconfig2.GIF

Re: Please check my RSIT log

Post by jaro3 (Security team member) » 24 Jun 2009 18:43

If you have disabled only what is visible on the first screenshot, that's fine.
I'm interested in the original boot.ini; can you paste the whole thing here, copied.

